All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.cert.ocsp.OCSPReq Maven / Gradle / Ivy

package org.bouncycastle.cert.ocsp;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.List;
import java.util.Set;

import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Exception;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ocsp.OCSPRequest;
import org.bouncycastle.asn1.ocsp.Request;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;

/**
 * 
 * OCSPRequest     ::=     SEQUENCE {
 *       tbsRequest                  TBSRequest,
 *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
 *
 *   TBSRequest      ::=     SEQUENCE {
 *       version             [0]     EXPLICIT Version DEFAULT v1,
 *       requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
 *       requestList                 SEQUENCE OF Request,
 *       requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
 *
 *   Signature       ::=     SEQUENCE {
 *       signatureAlgorithm      AlgorithmIdentifier,
 *       signature               BIT STRING,
 *       certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
 *
 *   Version         ::=             INTEGER  {  v1(0) }
 *
 *   Request         ::=     SEQUENCE {
 *       reqCert                     CertID,
 *       singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
 *
 *   CertID          ::=     SEQUENCE {
 *       hashAlgorithm       AlgorithmIdentifier,
 *       issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
 *       issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
 *       serialNumber        CertificateSerialNumber }
 * 
*/ public class OCSPReq { private static final X509CertificateHolder[] EMPTY_CERTS = new X509CertificateHolder[0]; private OCSPRequest req; private Extensions extensions; public OCSPReq( OCSPRequest req) { this.req = req; this.extensions = req.getTbsRequest().getRequestExtensions(); } public OCSPReq( byte[] req) throws IOException { this(new ASN1InputStream(req)); } private OCSPReq( ASN1InputStream aIn) throws IOException { try { this.req = OCSPRequest.getInstance(aIn.readObject()); if (req == null) { throw new CertIOException("malformed request: no request data found"); } this.extensions = req.getTbsRequest().getRequestExtensions(); } catch (IllegalArgumentException e) { throw new CertIOException("malformed request: " + e.getMessage(), e); } catch (ClassCastException e) { throw new CertIOException("malformed request: " + e.getMessage(), e); } catch (ASN1Exception e) { throw new CertIOException("malformed request: " + e.getMessage(), e); } } public int getVersionNumber() { return req.getTbsRequest().getVersion().intValueExact() + 1; } public GeneralName getRequestorName() { return GeneralName.getInstance(req.getTbsRequest().getRequestorName()); } public Req[] getRequestList() { ASN1Sequence seq = req.getTbsRequest().getRequestList(); Req[] requests = new Req[seq.size()]; for (int i = 0; i != requests.length; i++) { requests[i] = new Req(Request.getInstance(seq.getObjectAt(i))); } return requests; } public boolean hasExtensions() { return extensions != null; } public Extension getExtension(ASN1ObjectIdentifier oid) { if (extensions != null) { return extensions.getExtension(oid); } return null; } public List getExtensionOIDs() { return OCSPUtils.getExtensionOIDs(extensions); } public Set getCriticalExtensionOIDs() { return OCSPUtils.getCriticalExtensionOIDs(extensions); } public Set getNonCriticalExtensionOIDs() { return OCSPUtils.getNonCriticalExtensionOIDs(extensions); } /** * return the object identifier representing the signature algorithm */ public ASN1ObjectIdentifier getSignatureAlgOID() { if (!this.isSigned()) { return null; } return req.getOptionalSignature().getSignatureAlgorithm().getAlgorithm(); } public byte[] getSignature() { if (!this.isSigned()) { return null; } return req.getOptionalSignature().getSignature().getOctets(); } public X509CertificateHolder[] getCerts() { // // load the certificates if we have any // if (req.getOptionalSignature() != null) { ASN1Sequence s = req.getOptionalSignature().getCerts(); if (s != null) { X509CertificateHolder[] certs = new X509CertificateHolder[s.size()]; for (int i = 0; i != certs.length; i++) { certs[i] = new X509CertificateHolder(Certificate.getInstance(s.getObjectAt(i))); } return certs; } return EMPTY_CERTS; } else { return EMPTY_CERTS; } } /** * Return whether or not this request is signed. * * @return true if signed false otherwise. */ public boolean isSigned() { return req.getOptionalSignature() != null; } /** * verify the signature against the TBSRequest object we contain. */ public boolean isSignatureValid( ContentVerifierProvider verifierProvider) throws OCSPException { if (!this.isSigned()) { throw new OCSPException("attempt to verify signature on unsigned object"); } try { ContentVerifier verifier = verifierProvider.get(req.getOptionalSignature().getSignatureAlgorithm()); OutputStream sOut = verifier.getOutputStream(); sOut.write(req.getTbsRequest().getEncoded(ASN1Encoding.DER)); return verifier.verify(this.getSignature()); } catch (Exception e) { throw new OCSPException("exception processing signature: " + e, e); } } /** * return the ASN.1 encoded representation of this object. */ public byte[] getEncoded() throws IOException { return req.getEncoded(); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy